So in a fit of security through obscurity, I renamed my WordPress database tables and promptly broke WordPress with a highly informative “You do not have sufficient permissions to access this page.” error message when accessing wp-admin.
Changing the prefix is easiest done with a new installation, but my installation dates from the very first versions of WordPress when the dinosaurs roamed. Due to WordPress’s design, changing the database prefix (‘wp_’) is not as straightforward as you would expect.
In this exercise, we’re going to change from the default “wp_” prefix to “foo_”. If you’re doing this for security through obscurity reasons, don’t use “foo_”, use something you made up. Trust me, my prefix is NOT “foo_”. In wp-config.php, change:
$table_prefix = 'wp_';
$table_prefix = 'foo_';
Once you’ve saved the file, your WordPress installation is now officially broken. Move fast!
Rename your tables
use myblog show tables
and for each of the tables you see there, do this:
rename table wp_options to foo_options;
At this point, your blog will now be viewable again, but you will not be able to administrate it. Accessing /wp-admin/ will say “You do not have sufficient permissions to access this page.”
Fix WordPress Brain Damage
Let’s go ahead and fix that for you:
UPDATE foo_usermeta SET meta_key = REPLACE(meta_key,'wp_','foo_'); UPDATE foo_options SET option_name = REPLACE(option_name,'wp_','foo_');
1 thought on “Securing WordPress with obfuscation”
I’m a fan and user of http://www.wordfence.com/